Login Sign Up

CVE-2024-30593

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This CVE describes a stack overflow vulnerability in Tenda FH1202 routers that allows remote attackers to execute arbitrary code by sending specially crafted requests to the deviceName parameter. The vulnerability affects Tenda FH1202 routers running vulnerable firmware versions, potentially compromising the entire device and network.

💻 Affected Systems

Products:
  • Tenda FH1202
Versions: v1.2.0.14(408)
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the router. All devices running this specific firmware version are vulnerable.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to persistent backdoor installation, credential theft, network pivoting, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept traffic, or launch attacks against internal network devices.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces exposed.
🏢 Internal Only: MEDIUM - Could be exploited by compromised internal devices or malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains detailed analysis and likely exploit code. Stack overflow vulnerabilities in embedded devices are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Access router admin panel 4. Navigate to firmware upgrade section 5. Upload and apply new firmware 6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Place router behind firewall with strict inbound rules blocking all WAN access to management ports
  • Implement network monitoring for unusual traffic patterns or exploit attempts targeting the router

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin panel at 192.168.0.1 or 192.168.1.1, navigate to System Status or About page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version or check web interface

Verify Fix Applied:

Verify firmware version has been updated to a version newer than v1.2.0.14(408)

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to formSetDeviceName endpoint
  • Multiple failed login attempts followed by deviceName parameter manipulation

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns suggesting router compromise

SIEM Query:

source="router_logs" AND (uri="/goform/setDeviceName" OR uri="/goform/formSetDeviceName") AND (param="deviceName" AND length>100)

📊 Metadata

CVE ID: CVE-2024-30593
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: March 28, 2024
Last Updated: March 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30593, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)